It all started with the loss of a memory stick by a UK Government contractor which contained somewhere around 120,000 records, including the details of 10,000 of our nation's most serious criminals. We then heard about a compromise at global hotel chain Best Western...]]> Wed, 27 Aug 2008 20:00:00 +0000 global hotel chain olympic sport summer vacation pole position data government contractor medals table memory stick nation If there were gold medals for Data Leakage... http://securityratty.com/article/46c7e0efa77faded5fcee3e9a656ee0d http://securityratty.com/article/46c7e0efa77faded5fcee3e9a656ee0d Making pollen while the sun shines: Loyal readers, I'll be taking the next week off for some serious staycationing, enjoying the variable Seattle weather, playing with the kids, and generally relaxing. I hope you are all doing the same, wherever in the world you are.

Please withhold all serious and interesting wireless news until after Labor Day, 'kay?

It’s a good reminder for all you folks– always plan ahead and have a good backup and recovery strategy. It might also be a good idea to make sure someone on your staff has first aid and medical training in case of office emergencies, acts of god, and the occasional pirate attack.

Lo and behold time works its wonders and I can type again. Watch me rejoice! And post interesting articles for your professional entertainment. Stay tuned.

Dear network vendor,

As someone that is forced to configure and implement security on your hardware, I would greatly appreciate stable code and properly functioning features. Unfortunately, I cannot always choose the hardware my customers are using in their infrastructure. However, if you would like for me to recommend they continue purchasing and using it, then the product must demonstrate to me that it is: capable, reliable, predictable and well-documented. If your product is not meeting these requirements, I’m forced to recommend other solutions to your (current) customer.

Stable Code. If I have to spend 2-6 hours per implementation working through your product’s bugs, and then must either spend time on a support call or spend time getting packet captures to prove to you it’s not working, I am not a happy camper because you’re slowing down my progress. Your customer is not happy because they’re paying for that time and I’m not cheap.

Features. Don’t publish in technical documentation that your product, or code can do something, only for me to find out later that it cannot. On-site in the middle of an implementation is not the time to architect Plan B. Let me know before, either through technical docs, white papers, best practices or release notes. I do read those. If you want to bend the truth, do it the marketing fluff, not my technical documents.

Documentation. If your product does do what you say it does, then please do document and explain the concepts and procedures. Examples are good, but explanations are mandatory. A correct CLI reference is always lovely as well. If there are got’chas or tricks, please also document those. Again, white papers or release notes are fine. Having to track down the one security engineer from your company that holds the magic key is not practical, nor scalable. Plus, he may be on vacation during my install, which would make me irate.

Support. If your product is not functioning or performing as expected, do NOT expect your customers to have a current maintenance contract to address a known issue or bug (or an un-known issue or bug for that matter). If they found a bug for you, you should probably give them a maintenance contract for a year… or two. If you don’t let us call support, I will find one of your pre-sales engineers and we will use him or her for post-sales support, which is not what you want them to do. But that’s your problem, not mine.

I believe that sums up the major issues. Specifically, I am interested in security, RADIUS, SSH, SNMP, DHCP and 802.1X functions. Before you add another bell or tweak another whistle, please make what you have works… consistently. That should be first, so it’s my Feature Request #1.

Respectfully,

jj

# # #

Ostensibly this purchase allows JetBlue a faster and simpler path into operations. Whether it's worth it to JetBlue is hard to tell, except that they will likely be marketing this service to other airlines as a differentiator. It will be lower bandwidth than AirCell, but could be likewise cheaper and used for shorter-haul flights.

Verizon notes some of the technical details of their service's business status on a FAQ for their corporate customers, which has an oddly large amount of business detail. Verizon was obligated within two years of the end of the auction for the spectrum they occupied with their very inefficient narrowband analog service to cease operations on those frequencies. That date is about now (the certification of the auction results was close to two years ago), and Verizon clearly worked out the details to allow current customers to maintain continuity through the spectrum vacation and into JetBlue's hands on January 1.

As I noted a few days ago, a few sources had already tipped me that JetBlue's test aircraft with Wi-Fi onboard and email was using the ancient Airfone network, which is capable of slow dial-up modem speeds, rather than using the 1 MHz which could conceivably carry over 500 Kbps of data in each direction per plane.

Creative drops Wi-Fi music player: The formerly leading portable music player firm, before Apple and Microsoft entered the biz, confirmed a report that the Zen Share existed, but that the company chose to drop that Wi-Fi-enabled player. An under-wraps player may appear in about two months that could include Wi-Fi--the name Zen X-Fi could be revealing or not, as X-Fi is an audio-processing technology.

Inspiair's physics-defying technology sold, relabeled Max-Fi: I express my doubts about the combination of marketing promises, including area covered, low latency, and speed, and the collision of those promises with the laws of physics as well as regulatory issues. The lack of sales, noted in the article, tends to confirm my opinion, which is precisely what happened with Vivato after early positive response led to devices being built that couldn't meet the mark. Current claims are 30 sq km with 14 access points for outdoor coverage at the port of Antwerp, a network that's in a test. I wrote about Inspiair back in 2006.

Foster City, Calif., turns down MetroFi equipment offer: The city decided against paying $200,000 for MetroFi's gear, which serves about 1,500 people a month, partly because yearly operations would top $125,000.